ASYMMETRIC-COMPUTING TYPE SHARED KEY ESTABLISHING METHOD SUITABLE FOR CLOUD COMPUTING AND IoT

ABSTRACT

An asymmetric-computing type shared key establishing method suitable for cloud computing and IoT has the following advantages. The realization efficiency and the security level are high, and no cryptographic algorithm coprocessor is needed. The method can be applied to occasions in which the computing capabilities of the two parties are asymmetric, and attacks from quantum computers can be resisted. Compared with a conventional key exchange protocol such as the Diffie-Hellman key exchange protocol, the method is more effective between servers and mobile equipment in security fields such as the IoT and cloud computing, and it can be used in both the electronic environment and the quantum environment. Thus, the asymmetric-computing type shared key establishing method suitable for cloud computing and IoT provided by the invention can be widely applied to the field of information security systems, such as network security and e-commerce.

CROSS-REFERENCE TO RELATED APPLICATION

This application claims the benefit of China Patent Application No. 201410246482.9, filed on Jun. 5, 2014, in the State Intellectual Property Office of the People's Republic of China, the disclosure of which is incorporated herein in its entirety by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The invention belongs to the technical field of information security (IS), especially relating to an asymmetric-computing type shared key establishing method suitable for cloud computing and IoT.

2. Description of the Related Art

To solve the problem that key management is complex in a symmetric cryptosystem, Diffie and Hellman innovatively brought forward the concept of the “public-key cryptosystem” in 1976 and showed that secret information can be transmitted over a public channel. Compared with symmetric cryptography, the encryption and decryption algorithms of a public-key cryptosystem tend to be complex and inefficient, and are therefore not suitable for encrypting large amounts of data directly. Generally, a shared session key is established by utilizing public key cryptographic technology (i.e., a shared key establishment protocol), and then the session key serves as the key of a symmetric cipher to encrypt the plaintext.

The Diffie-Hellman Key Exchange protocol provided in 1976 opened up a new area in public key cryptography. The Diffie-Hellman Key Exchange protocol is based on the discrete logarithm problem and is characterized in that the two parties are in a peer environment and the computation is symmetric, namely the computation of the two parties is identical. With the continuous development of the IT industry, the applications of the key exchange method keep changing, and the original Diffie-Hellman type key exchange method cannot be appropriately used between server and terminal, or between server and mobile equipment, on occasions such as cloud computing and the Internet of Things (IoT). The two parties differ greatly in computing resources and capabilities, and thus a shared key exchange protocol with asymmetric computation is needed.

At present, quantum computers have appeared, and their further development may be a grave threat to the Diffie-Hellman Key Exchange protocol. Many existing protocols, such as the MQV protocol that serves as the IEEE P1363 standard, are formed by improving the Diffie-Hellman Key Exchange protocol, and most of the existing protocols are based on the discrete logarithm or elliptic-curve discrete logarithm problem and are thus incapable of resisting attacks from quantum computers. A shared key exchange protocol that can resist attacks from quantum computers is needed. Anshel et al. brought forward a shared key protocol based on common non-commutative groups in 1999 and a two-party shared key exchange protocol in 2001; however, both protocols were proved to be insecure. Ko et al. put forward the so-called Diffie-Hellman type conjugate problem (DHCP) at CRYPTO 2000 and further brought forward a Diffie-Hellman type bilateral shared key exchange protocol; however, Cheon et al. suggested a polynomial-time algorithm to solve the DHCP in 2003, and Myasnikov et al. provided an even more effective solution. At PQCrypto 2010, Boucher et al. proposed another bilateral shared key exchange protocol based on special non-commutative polynomial multiplication, but Boucher's bilateral shared key exchange protocol was later challenged by Dubois et al.

SUMMARY OF THE INVENTION

The invention aims at providing an asymmetric-computing type shared key establishing method suitable for cloud computing and IoT, which is secure in both the electronic computation and quantum computation environments, to solve the existing technical problems.

The asymmetric-computing type shared key establishing method suitable for cloud computing and IoT is characterized in that:

(I) A system is established by setting an ergodic matrix $Q \in F_q^{n \times n}$, selecting $x_1, \ldots, x_m \in F_{q^n}$ and $\bar{x}_1, \ldots, \bar{x}_m \in F_{q^n}$ randomly and uniformly, computing $Q_1 = Q^{x_1}, \ldots, Q_m = Q^{x_m}$ and $\bar{Q}_1 = Q^{\bar{x}_1}, \ldots, \bar{Q}_m = Q^{\bar{x}_m}$ in $F_q^{n \times n}$, and using $Q_1 = Q^{x_1}, \ldots, Q_m = Q^{x_m}$ and $\bar{Q}_1 = Q^{\bar{x}_1}, \ldots, \bar{Q}_m = Q^{\bar{x}_m}$ as public parameters, wherein $Q_1, \ldots, Q_m$ are irreversible pairwise in $F_q^{n \times n}$, and $\bar{Q}_1, \ldots, \bar{Q}_m$ are irreversible pairwise in $F_q^{n \times n}$;

(II) A and B are supposed to be two communication parties respectively, and the two communication parties establish a shared key in the following steps that:

1) A selects

$r = {\left( {r_{1},\ldots \mspace{14mu},r_{m}} \right) \in {\left\{ {0,1} \right\}^{m}\left( {{{wt}(r)} = \left\lfloor \frac{m}{2} \right\rfloor} \right)}}$

randomly and uniformly, uses r as a private key, and computes

$\prod\limits_{i = 1}^{m}\; {Q_{i}^{r_{i}}\mspace{14mu} {and}\mspace{14mu} {\prod\limits_{i = 1}^{m}\; {\overset{\_}{Q}}_{i}^{r_{i}}}}$

in F_(q) ^(n×n);

2) B selects $k, l \in F_{q^n}$ and $M \in F_q^{n \times n}$ randomly and uniformly, uses $k, l, M$ as a private key, and computes $\left( Q_1^{k} \otimes_q M \otimes_q \bar{Q}_1^{l}, \ldots, Q_m^{k} \otimes_q M \otimes_q \bar{Q}_m^{l} \right)$;

3) A transmits

$\left( {{\prod\limits_{i = 1}^{m}\; Q_{i}^{r_{i}}},{\prod\limits_{i = 1}^{m}\; {\overset{\_}{Q}}_{i}^{r_{i}}}} \right)$

to B;

4) B transmits $\left( Q_1^{k} \otimes_q M \otimes_q \bar{Q}_1^{l}, \ldots, Q_m^{k} \otimes_q M \otimes_q \bar{Q}_m^{l} \right)$ to A;

5) A computes a shared key

${key} = {\prod\limits_{i = 1}^{m}\; \left( {Q_{i}^{k} \otimes_{q}M \otimes_{q}{\overset{\_}{Q}}_{i}^{l}} \right)^{r_{i}}}$

by utilizing the private key thereof; and

6) B computes a shared key

${key} = {\left\lbrack {\prod\limits_{i = 1}^{m}\; Q_{i}^{r_{i}}} \right\rbrack^{k} \otimes_{q}M^{\lfloor\frac{m}{2}\rfloor} \otimes_{q}\left\lbrack {\prod\limits_{i = 1}^{m}\; {\overset{\_}{Q}}_{i}^{r_{i}}} \right\rbrack^{l}}$

by utilizing the private key thereof; and

(III) A and B obtain a shared key

$\prod\limits_{i = 1}^{m}\; {Q_{i}^{{kr}_{i}} \otimes_{q}M^{\lfloor\frac{m}{2}\rfloor} \otimes_{q}{\prod\limits_{i = 1}^{m}\; {\overset{\_}{Q}}_{i}^{{lr}_{i}}}}$

via negotiation according to a secret key negotiation protocol;

The symbol “$\otimes_q$” represents the tensor product in the finite field, and the matrix multiplications are also carried out in the finite field.

The asymmetric-computing type shared key establishing method suitable for cloud computing and IoT of the invention has the advantages that:

(1) The method includes a shared key exchange method with a high security level. The security of the shared key exchange method is mainly based on tensor and ergodic matrix problems, which are proved to be NPC problems. The problems satisfy the non-commutative condition, and thus the shared key exchange method has the potential to resist attacks from quantum computers;

(2) The method includes a shared key exchange method of high efficiency. The shared key exchange method mainly comprises multiplication in the finite field, and table look-up can be used for multiplication if small field parameters such as $F_{2^8}$ are selected. The efficiency is higher, and the method can be widely applied to embedded equipment with limited computation capability; and

(3) The method includes the asymmetric-computing type shared key exchange method, which is needed on many occasions with the development of novel information technologies such as the Internet of Things and cloud computing. The new key exchange method can be used in asymmetric scenarios such as cloud computing and the Internet of Things, in which there are communications between server and terminal, or between server and mobile devices; this means that, at the same security level in bits, one of the two participants in the new key establishing method needs less computation and less key storage than in the classical key establishing method. The method can also be applied to occasions with equal computation capabilities.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows the shared key establishing method in a quantum computation environment or an asymmetric scenario, provided by an embodiment of the invention.

FIG. 2 shows the asymmetric-computing type shared key establishing construction diagram.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The asymmetric-computing type shared key establishing method suitable for cloud computing and IoT is further described in detail with the drawings and the embodiment, so that ordinary technical staff in the field can understand and implement the method. The embodiment is used to explain the method; however, the method is not limited to the embodiment.

Example 1

As in FIG. 1, the asymmetric-computing type shared key establishing method suitable for cloud computing and IoT comprises that

(I) A system is established by selecting parameters q=3, n=3 and m=3, setting an ergodic matrix

$Q = \begin{pmatrix} 0 & 1 & 0 \\ 0 & 0 & 1 \\ 1 & 0 & {- 1} \end{pmatrix}$

in the finite field $F_3$, selecting $x_1 = 3$, $x_2 = 4$, $x_3 = 5$, $x_4 = 1 \in F_8$ and $\bar{x}_1 = 1$, $\bar{x}_2 = 5$, $\bar{x}_3 = 2$, $\bar{x}_4 = 6 \in F_8$, computing

${Q_{1} = {Q^{3} = \begin{pmatrix} 1 & 0 & 2 \\ 2 & 1 & 1 \\ 1 & 2 & 0 \end{pmatrix}}},{Q_{2} = {Q^{4} = \begin{pmatrix} 2 & 1 & 1 \\ 1 & 2 & 0 \\ 0 & 1 & 2 \end{pmatrix}}},{Q_{3} = {Q^{5} = {{\begin{pmatrix} 1 & 2 & 0 \\ 0 & 1 & 2 \\ 2 & 0 & 2 \end{pmatrix}\mspace{14mu} {and}\mspace{14mu} Q_{4}} = {Q^{1} = \begin{pmatrix} 0 & 1 & 0 \\ 0 & 0 & 1 \\ 1 & 0 & {- 1} \end{pmatrix}}}}}$

as well as

${{\overset{\_}{Q}}_{1} = {Q^{1} = \begin{pmatrix} 0 & 1 & 0 \\ 0 & 0 & 1 \\ 1 & 0 & {- 1} \end{pmatrix}}},{{\overset{\_}{Q}}_{2} = {Q^{5} = \begin{pmatrix} 1 & 2 & 0 \\ 0 & 1 & 2 \\ 2 & 0 & 2 \end{pmatrix}}},{{\overset{\_}{Q}}_{3} = {Q^{2} = {{\begin{pmatrix} 0 & 0 & 1 \\ 1 & 0 & 2 \\ 2 & 1 & 1 \end{pmatrix}\mspace{14mu} {and}\mspace{14mu} {\overset{\_}{Q}}_{4}} = {Q^{6} = \begin{pmatrix} 0 & 1 & 2 \\ 2 & 0 & 2 \\ 2 & 2 & 1 \end{pmatrix}}}}}$

and using the same as public parameters;

(II) A and B are supposed to be two communication parties respectively, and the two communication parties establish a shared key in the steps that:

1) A selects $r = (1, 0, 1, 0) \in \{0,1\}^4$ randomly and uniformly, and computes

${\prod\limits_{i = 1}^{4}\; {Q_{i}^{r_{i}}\mspace{14mu} {and}\mspace{14mu} {\prod\limits_{i = 1}^{4}\; {\overset{\_}{Q}}_{i}^{r_{i}}}}};$

2) B selects $k = 2$, $l = 7 \in F_{3^3}$ and

$M = {\begin{pmatrix} 1 & 2 & 1 \\ 0 & 2 & 0 \\ 1 & 1 & 1 \end{pmatrix} \in F_{3}^{3 \times 3}}$

randomly and uniformly, and computes $\left( Q_1^{2} \otimes_q M \otimes_q \bar{Q}_1^{7}, \ldots, Q_4^{2} \otimes_q M \otimes_q \bar{Q}_4^{7} \right)$;

3) A transmits

$\left( {{KA}_{1},{KA}_{2}} \right) = \left( {{\prod\limits_{i = 1}^{4}\; Q_{i}^{r_{i}}},{\prod\limits_{i = 1}^{4}\; {\overset{\_}{Q}}_{i}^{r_{i}}}} \right)$

to B;

4) B transmits $(KB_1, KB_2, KB_3, KB_4) = \left( Q_1^{2} \otimes_q M \otimes_q \bar{Q}_1^{7}, \ldots, Q_4^{2} \otimes_q M \otimes_q \bar{Q}_4^{7} \right)$ to A;

5) A computes a shared key

${{key}_{A} = {\prod\limits_{i = 1}^{m}\left( {KB}_{i} \right)^{r_{i}}}};$

and

6) B computes a shared key ${key}_B = \left\lbrack KA_1 \right\rbrack^{2} \otimes_q M^{2} \otimes_q \left\lbrack KA_2 \right\rbrack^{7}$.

(III) Via negotiation, A and B obtain a shared key of 27 rows and 27 columns:

${{key} = \begin{pmatrix} 1 & 1 & 2 & 2 & \ldots & 1 & 1 & 1 & 2 \\ 2 & 1 & 2 & 1 & \ldots & 1 & 2 & 1 & 2 \\ \vdots & \ddots & \ddots & \ddots & \ddots & \ddots & \ddots & \ddots & \vdots \\ 0 & 0 & 0 & 0 & \ldots & 1 & 1 & 1 & 1 \end{pmatrix}}$

Since neither the security nor the explanation is affected, only part of the shared key is given, to save space.

Example 2

The asymmetric-computing type shared key establishing method comprises that:

(I) System establishment: for parameters $m > n^2 \log q$, given two ergodic matrices $Q_1, Q_2 \in F_q^{n \times n}$, choose uniformly at random $x = (x_1, \ldots, x_m) \in F_{q^n - 1}^{m}$ and $\tilde{x} = (\tilde{x}_1, \ldots, \tilde{x}_m) \in F_{q^n - 1}^{m}$ (for any $i \neq j$, $x_i + x_j \neq 0 \bmod (q^n - 1)$ and $\tilde{x}_i + \tilde{x}_j \neq 0 \bmod (q^n - 1)$), and take $x, \tilde{x}$ as public parameters.

(II) To establish the shared key, Alice and Bob interact as follows.

(1) Alice chooses uniformly at random

${r = {\left( {r_{1},\ldots \mspace{14mu},r_{m}} \right) \in {\left\{ {0,1} \right\}^{m}\left( {{{wt}(r)} = \left\lfloor \frac{m}{2} \right\rfloor} \right)}}},$

compute $\left( Q_1^{\langle x, r \rangle}, Q_2^{\langle \tilde{x}, r \rangle} \right) \bmod q$ and take $r$ as private.

(2) Bob chooses uniformly at random $k, l \in F_{q^n - 1}$ and a random dense matrix $M \in F_q^{n \times n}$, computes $\left( Q_1^{k x_1} \otimes_q M \otimes_q Q_2^{l \tilde{x}_1}, \ldots, Q_1^{k x_m} \otimes_q M \otimes_q Q_2^{l \tilde{x}_m} \right)$, and takes $k, l, M$ as private.

(3) Alice sends $\left( Q_1^{\langle x, r \rangle}, Q_2^{\langle \tilde{x}, r \rangle} \right) \bmod q$ to Bob.

(4) Bob sends $\left( Q_1^{k x_1} \otimes_q M \otimes_q Q_2^{l \tilde{x}_1}, \ldots, Q_1^{k x_m} \otimes_q M \otimes_q Q_2^{l \tilde{x}_m} \right)$ to Alice.

(5) Alice computes

${key}_{A} = {\prod\limits_{i = 1}^{m}{\left( {Q_{1}^{{kx}_{i}} \otimes_{q}M \otimes_{q}Q_{2}^{l{\overset{\sim}{x}}_{i}}} \right)^{r_{i}}.}}$

(6) Bob computes

${key}_{B} = {\left\lbrack Q_{1}^{\langle{x,r}\rangle} \right\rbrack^{k} \otimes_{q}M^{\lfloor\frac{m}{2}\rfloor} \otimes_{q}{\left\lbrack Q_{2}^{\langle{\overset{\sim}{x},r}\rangle} \right\rbrack^{l}.}}$

(III) Through the exchange method, Alice and Bob negotiate a common key

$\prod\limits_{i = 1}^{m}{Q_{1}^{{kx}_{1}r_{i}} \otimes_{q}M^{\lfloor\frac{m}{2}\rfloor} \otimes_{q}{\prod\limits_{i = 1}^{m}{Q_{2}^{l{\overset{\sim}{x}}_{i}r_{i}}.}}}$

The symbol “$\otimes_q$” represents the tensor product in the finite field.

To explain the shared key exchange method simply and clearly, we choose a simple instance, where the chosen parameters are $q = 3$, $n = 3$, $m = 3$. Given two primitive polynomials $p_1(x) = p_2(x) = x^3 + x^2 - 1$ of degree 3 over the finite field $F_3$, the corresponding companion matrix (ergodic matrix) is

${Q_{1} = {Q_{2} = \begin{pmatrix} 0 & 1 & 0 \\ 0 & 0 & 1 \\ 1 & 0 & {- 1} \end{pmatrix}}},$

choose $x = (x_1, x_2, x_3, x_4) = (3, 4, 5, 1) \in F_{3^3 - 1}$ and $\tilde{x} = (\tilde{x}_1, \tilde{x}_2, \tilde{x}_3, \tilde{x}_4) = (1, 2, 5, 6) \in F_{3^3 - 1}$, and take $x, \tilde{x}$ as public parameters. The procedure of the shared key exchange method is as follows:

(1) Alice chooses uniformly at random $r = (1, 0, 1, 0) \in \{0,1\}^4$, computes $Q_1^{\langle x, r \rangle} \bmod 3$ and $Q_2^{\langle \tilde{x}, r \rangle} \bmod 3$.

(2) Bob chooses uniformly at random $k = 2$, $l = 7 \in F_{3^3 - 1}$ and

${M = {\begin{pmatrix} 1 & 2 & 1 \\ 0 & 2 & 0 \\ 1 & 1 & 1 \end{pmatrix} \in F_{3}^{3 \times 3}}},$

computes $\left( Q_1^{2 x_1} \otimes_q M \otimes_q Q_2^{7 \tilde{x}_1}, \ldots, Q_1^{2 x_4} \otimes_q M \otimes_q Q_2^{7 \tilde{x}_4} \right)$.

(3) Alice sends $(KA_1, KA_2) = \left( Q_1^{\langle x, r \rangle}, Q_2^{\langle \tilde{x}, r \rangle} \right) \bmod q$ to Bob.

(4) Bob sends $(KB_1, KB_2, KB_3, KB_4) = \left( Q_1^{6} \otimes_q M \otimes_q Q_2^{17}, \ldots, Q_1^{2} \otimes_q M \otimes_q Q_2^{15} \right)$ to Alice.

(5) Alice computes

${key}_{A} = {\prod\limits_{i = 1}^{m}{\left( {KB}_{i} \right)^{r_{i}}{mod}\; {q.}}}$

(6) Bob computes ${key}_B = \left\lbrack KA_1 \right\rbrack^{2} \otimes_q M^{2} \otimes_q \left\lbrack KA_2 \right\rbrack^{7}$.

Alice and Bob obtain the shared key through these interactions:

${{key} = \begin{pmatrix} 1 & 1 & 2 & 2 & \ldots & 1 & 1 & 1 & 2 \\ 2 & 1 & 2 & 1 & \ldots & 1 & 2 & 1 & 2 \\ \vdots & \ddots & \ddots & \ddots & \ddots & \ddots & \ddots & \ddots & \vdots \\ 0 & 0 & 0 & 0 & \ldots & 1 & 1 & 1 & 1 \end{pmatrix}}$

The shared key has 27 rows and 27 columns. Since neither the security nor the explanation is affected, and in order not to occupy more space, only part of the shared key is given.

Parts not mentioned in the description also belong to the method.

The embodiment is described in detail so that it can be better understood; however, the method is not limited to the embodiment. Substitutes for the method, or the method in other forms, are both within the protection scope. The protection scope is defined by the Claims.

1. An asymmetric-computing type shared key establishing method suitable for cloud computing and IoT, characterized in that: (I) A system is established by setting an ergodic matrix $Q \in F_q^{n \times n}$, selecting $x_1, \ldots, x_m \in F_{q^n}$ and $\bar{x}_1, \ldots, \bar{x}_m \in F_{q^n}$ randomly and uniformly, computing $Q_1 = Q^{x_1}, \ldots, Q_m = Q^{x_m}$ and $\bar{Q}_1 = Q^{\bar{x}_1}, \ldots, \bar{Q}_m = Q^{\bar{x}_m}$ in $F_q^{n \times n}$, and using $Q_1 = Q^{x_1}, \ldots, Q_m = Q^{x_m}$ and $\bar{Q}_1 = Q^{\bar{x}_1}, \ldots, \bar{Q}_m = Q^{\bar{x}_m}$ as public parameters, wherein $Q_1, \ldots, Q_m$ are irreversible pairwise in $F_q^{n \times n}$, and $\bar{Q}_1, \ldots, \bar{Q}_m$ are irreversible pairwise in $F_q^{n \times n}$; (II) A and B are supposed to be two communication parties respectively, and the two communication parties establish a shared key in the following steps that: 1) A selects $r = {\left( {r_{1},\ldots \mspace{14mu},r_{m}} \right) \in {\left\{ {0,1} \right\}^{m}\left( {{{wt}(r)} = \left\lfloor \frac{m}{2} \right\rfloor} \right)}}$ randomly and uniformly, uses $r$ as a private key, and computes $\prod\limits_{i = 1}^{m}{Q_{i}^{r_{i}}\mspace{14mu} {and}\mspace{14mu} {\prod\limits_{i = 1}^{m}{\overset{\_}{Q}}_{i}^{r_{i}}}}$ in $F_q^{n \times n}$; 2) B selects $k, l \in F_{q^n}$ and $M \in F_q^{n \times n}$ randomly and uniformly, uses $k, l, M$ as a private key, and computes $\left( Q_1^{k} \otimes_q M \otimes_q \bar{Q}_1^{l}, \ldots, Q_m^{k} \otimes_q M \otimes_q \bar{Q}_m^{l} \right)$; 3) A transmits $\left( {{\prod\limits_{i = 1}^{m}Q_{i}^{r_{i}}},{\prod\limits_{i = 1}^{m}{\overset{\_}{Q}}_{i}^{r_{i}}}} \right)$ to B; 4) B transmits $\left( Q_1^{k} \otimes_q M \otimes_q \bar{Q}_1^{l}, \ldots, Q_m^{k} \otimes_q M \otimes_q \bar{Q}_m^{l} \right)$ to A; 5) A computes a shared key ${key} = {\prod\limits_{i = 1}^{m}\left( {Q_{i}^{k} \otimes_{q}M \otimes_{q}{\overset{\_}{Q}}_{i}^{l}} \right)^{r_{i}}}$ by utilizing the private key thereof; and 6) B computes a shared key ${key} = {\left\lbrack {\prod\limits_{i = 1}^{m}Q_{i}^{r_{i}}} \right\rbrack^{k} \otimes_{q}M^{\lfloor\frac{m}{2}\rfloor} \otimes_{q}\left\lbrack {\prod\limits_{i = 1}^{m}{\overset{\_}{Q}}_{i}^{r_{i}}} \right\rbrack^{l}}$ by utilizing the private key thereof; and (III) A and B obtain a shared key $\prod\limits_{i = 1}^{m}{Q_{i}^{{kr}_{i}} \otimes_{q}M^{\lfloor\frac{m}{2}\rfloor} \otimes_{q}{\prod\limits_{i = 1}^{m}{\overset{\_}{Q}}_{i}^{{lr}_{i}}}}$ via negotiation according to a secret key negotiation protocol; wherein the symbol “$\otimes_q$” represents the tensor product in the finite field, and the matrix multiplications are also carried out in the finite field.